Parasoft, a global leader in automated software testing solutions, today announced complete support for MISRA C++ 2023 with the upcoming release of Parasoft C/C++test 2023.2.
Securing Containers vs. Securing VMs: 4 Key Differences
June 05, 2017
If you work in IT or software development, chances are you're familiar with container technology. Over the last few years, containerization has gained mainstream adoption and a recent 451 report showed that 25 percent of companies are using the technology. Developers love using containers to build, run and ship applications in a flexible and simple way. However, the technology has received backlash for not being as secure as other (traditional) methods, such as Virtual Machines (VMs).
It's easy to bucket containers and VMs together as these technologies are both designed to provide an isolated environment in which to run an application. Therefore, they are often perceived to the public as competing, but in reality, they are complementary and completely different.
Securing containers and securing VMs requires a completely different process. Below are four key differences between securing containers versus securing VMs:
1. Many more entities
Statistics show, that containerized environments typically consist of roughly 1:8 VM to container ratio. While this isn't exact math, it correlates with a known difference between VMs and containers, which is the underlying architecture. With containers, there are multiple entities that make up an application. The applications can then be deconstructed into smaller components thus changing the way they are secured and managed in production.
2. Stateless and immutable
If you're wondering how to backup your container, the answer is simple — you can't. Data doesn't live in the container, instead, it's stored in a named volume that is shared between 1-N containers that the developer defines. Containers run in an immutable fashion, so once the developer backs up the data volume or deploys the container, they will then destroy it. The developer can then redeploy a new version of the image with the upgrade to the application.
This allows security teams to have a greater degree of automation and discover what the application should do, and how to build an application protection profile that's specifically tailored to that version of the app.
3. High rate of change, much more ephemeral
When DevOps teams work together within a containerized environment, build times are reduced from months to hours. Through this continuous integration, applications are constantly being altered and updated — sometimes multiple times a day. This rate of change is much faster than working in a VM environment — empiric data shows that a typical container churns 9 times faster than VMs.
What's even more impressive is that when used correctly with orchestrations, the typical lifetime of a container is less than one day. However, when there are frequent updates in a containerized environment, it can be difficult from a security standpoint to monitor each app iteration as closely as preferred. Therefore, it's critical for dev and security teams to work cohesively and set up proper tooling that will monitor the application lifecycle for any threats.
4. Security is largely in the hands of the developer
In a containerized environment, the developers and DevOps teams are mostly responsible for ensuring and maintaining a secure application. The developers determine how most of the application stack is configured, while the DevOps team is in charge of securing the delivery pipeline, staging, orchestration and the containers' host. Alternatively, in a VM environment, the process is simple and beyond the code, security is owned on a daily basis by the IT team.
4. Security is largely in the hands of the developer
In a containerized environment, the developers and DevOps teams are mostly responsible for ensuring and maintaining a secure application. The developers determine how most of the application stack is configured, while the DevOps team is in charge of securing the delivery pipeline, staging, orchestration and the containers' host. Alternatively, in a VM environment, the process is simple and beyond the code, security is owned on a daily basis by the IT team.
Ben Bernstein is CEO and Co-Founder of Twistlock.
Industry News
November 30, 2023
November 30, 2023
Solo.io achieved the Amazon Elastic Kubernetes Service (Amazon EKS) Ready designation from Amazon Web Services (AWS).
November 29, 2023
CircleCI implemented a gen2 GPU resource class, leveraging Amazon Elastic Compute Cloud (Amazon EC2) G5 instances, offering the latest generation of NVIDIA GPUs and new images tailored for artificial intelligence/machine learning (AI/ML) workflows.
November 29, 2023
XM Cyber announced new capabilities that provide complete and continuous visibility into risks and vulnerabilities in Kubernetes environments.
November 29, 2023
PerfectScale has achieved the Amazon Elastic Kubernetes Service (Amazon EKS) Ready designation from Amazon Web Services (AWS).
November 28, 2023
BMC announced two new product innovations, BMC AMI DevX Code Insights and BMC AMI zAdviser Enterprise.
November 28, 2023
Rafay Systems announced the availability of the Rafay Cloud Automation Platform — the evolution of its Kubernetes Operations Platform — to enable platform teams to deliver automation and self-service capabilities to developers, data scientists and other cloud users.
November 28, 2023
Bitrise is integrating with Amazon Web Services (AWS) to provide compliance-conscious companies with greater access to CI/CD capabilities for mobile app development.
November 28, 2023
Armory announced a new unified declarative deployment capability for AWS Lambda.
November 27, 2023
Amazon Web Services (AWS) and Salesforce announced a significant expansion of their long standing, global strategic partnership, deepening product integrations across data and artificial intelligence (AI), and for the first time offering select Salesforce products on the AWS Marketplace.
November 27, 2023
Veracode announced product innovations to enhance the developer experience. The new features integrate security into the software development lifecycle (SDLC) and drive adoption of application security techniques in the environments where developers work.
November 27, 2023
Couchbase announced a new Capella columnar service on Amazon Web Services (AWS), enabling organizations to harness real-time analytics to build adaptive applications.
November 21, 2023
Redgate announced the launch of Redgate Test Data Manager, which simplifies the challenges that come with Test Data Management (TDM) and modern software development across multiple databases.
November 21, 2023
mabl announced an integration with GitLab, the AI-powered DevSecOps platform.
November 21, 2023
FusionAuth announced the availability of new software development kits (SDKs) that support Angular, React and Vue JavaScript front-end frameworks.
